Title

Author

Date Approved

Degree Type

Degree Name

Doctor of Philosophy (PhD)

Department

College of Technology

Committee Member

Dorothy McAllen

Committee Member

Joseph Bauer

Committee Member

Bilquis Ferdousi

Committee Member

Huei Lee

Abstract

Cyber-attacks threaten the security of computer users’ information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards and guidelines in organizational contexts. Few studies have analyzed the predictors of college students’ adoption of computer security practices. Based on a comprehensive literature review, researchers have relied heavily on well-established behavioral theories, such as the technology acceptance model (TAM), theory of planned behavior (TPB), and protection motivation theory (PMT) to explain the variation in adoption of computer security practices among college students. This dissertation builds on this growing body of scholarship by blending those three into a single conceptual framework with the objective of finding the factors influencing the adoption of computer security practices among college students. This research tested the empirical fit of a model based on the technology acceptance model, theory of planned behavior, and protection motivation theory in explaining the variation in college students’ responses to a set of questions on their likelihood of adopting computer security practices. The model included the following independent variables: perceived vulnerability, perceived severity, response efficacy, computer self-efficacy, attitudes, subjective norms, perceived behavioral control, perceived ease of use, perceived usefulness, and awareness. The demographic variables (age, gender, education level, major, college, and IT experience) were used as control variables moderating the relationship between the cited independent variables and dependent variable. The dependent variable was computer security practices based on a composed scale of four items asking students to what extent they check, verify, or exercise caution in opening emails and attachments. Based on a 301 convenience sample collected at a Midwestern University, the analysis resulted in the significance of perceived vulnerability, perceived ease of use, and perceived usefulness. This finding suggests that the TAM enjoys empirical support in the study of computer security practices unlike the TPB or PMT. Results of this study should encourage university administrators to create workshops on teaching students the usefulness and ease of adopting computer security practices. Experimental research is highly encouraged because survey research suffers from several weaknesses such as social desirability.